使用--prefix=/usr 顺便指定一下安装目录
$ cd nginx-1.15.9
$ ./configure --prefix=/usr/local/nginx \\
--prefix=/opt/nginx \\
–-conf-path=/etc/nginx/nginx.conf
--with-http_ssl_module \\
--with-stream
config之后生成的中间文件会生成在objs目录下, 里面指定了哪些module会被编译进nginx中.
升级的时候用新编译好的nginx二进制文件替换之前的二进制文件, 然后给nginx master进程发送一个信号 ‘kill -USR2 pid’, 等待新的master进程启动之后 , 再给旧的master进程发送一个信号 ‘kill -WINCH pid’ 把所有的worker进程切换过去, 需要注意老的master进程需要手动kill (因为如果新的master进程如果有问题还能退回到老的master进程)
参考: https://www.cnblogs.com/yyxp/p/16449078.html
#user nobody;
# CPU核心数-1
worker_processes 3;
# nginx错误日志的目录
#error_log logs/error.log;
error_log logs/error.log notice;
#error_log logs/error.log info;
# nginx进程id记录文件路径
pid logs/nginx.pid;
# 单个进程可打开的最大文件数量
worker_rlimit_nofile 1024;
events {
# epoll 模型对事件处理进行优化
use epoll;
# 客户端最大连接数,建议与单个进程可打开的最大文件数量保持一致
worker_connections 1024;
}
http {
# 隐藏nginx版本信息
server_tokens off;
include mime.types;
default_type application/octet-stream;
# 日志格式
log_format main '[time:$request_time s] $remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
'$upstream_addr $upstream_response_time $request_time $upstream_status '
'"$http_range" "$sent_http_content_range"'
'"$gzip_ratio"'
'"$query_string"'
'"-http_refer:$http_referer"';
# nginx日志缓存,降低日志IO。
open_log_file_cache max=10240 inactive=60s valid=1m min_uses=2;
# 文件上传大小
client_max_body_size 100m;
client_header_buffer_size 64k;
large_client_header_buffers 4 4k;
# 压缩配置
gzip on;
gzip_min_length 2k;
gzip_buffers 4 16k;
gzip_comp_level 3;
gzip_vary on;
gzip_types text/plain application/x-javascript application/javascript application/css text/css application/xml application/json;
# 缓存配置
proxy_connect_timeout 3600s;# Nginx与代理的服务连接超时时间(Nginx请求代理服务)
proxy_read_timeout 3600s; # Nginx从代理服务读取文件超时时间
proxy_send_timeout 3600s; # Nginx向代理服务写入文件超时时间
proxy_buffer_size 512k; # 客户端请求头header大小
proxy_buffers 64 512k; # 缓冲区的大小和数量
proxy_busy_buffers_size 512k; #
proxy_temp_file_write_size 512k; #
## 当上游服务器的响应过大不能存储到配置的缓冲区域时,Nginx存储临时文件硬盘路径 ,设置为服务器上存在的目录
proxy_temp_path /usr/local/nginx1.20/cache_temp_path;
# 注意【cache_one】,后续的location会用到
proxy_cache_path /usr/local/nginx1.20/cache_path levels=1:2 keys_zone=cache_one:500m inactive=1d max_size=10g use_temp_path=off;
# proxy_cache_key $host$request_uri;
client_body_buffer_size 10240k;
output_buffers 8 64k;
postpone_output 1460;
client_header_timeout 120s;
client_body_timeout 120s;
sendfile on;
keepalive_timeout 65;
upstream cwbb {
# 会话保持,必须安装sticky模块
sticky name="hellosticky";
server 192.168.137.121:8080 max_fails=5 fail_timeout=600s weight=10;
server 192.168.137.121:8081 max_fails=5 fail_timeout=600s weight=10;
server 192.168.137.121:8083 max_fails=5 fail_timeout=600s weight=10;
server 192.168.137.121:8084 max_fails=5 fail_timeout=600s weight=10;
check interval=3000 rise=2 fall=5 timeout=1000 type=http;
}
server {
listen 80;
server_name localhost;
# 如果没有配置https证书,则listen 443 ssl; ssl_certificate; ssl_certificate_key; ssl_session_cache; ssl_session_timeout;都可以用#注释
#listen 443 ssl;
#ssl_certificate /usr/local/nginx1.20/cert/xxx.crt;
#ssl_certificate_key /usr/local/nginx1.20/cert/xxx.key;
#ssl_session_cache shared:SSL:10m;
#ssl_session_timeout 5m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
location ~* ^.+\\.(jpg|jpeg|gif|png|js|ttf|css|json|)$ {
proxy_pass <http://cwbb>;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
proxy_cache off;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_buffer_size 128k;
proxy_buffers 4 128k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
proxy_cache_valid 200 304 302 24h;
proxy_cache_key $server_addr$uri$is_args$args;
add_header Cache-Control no-cache;
}
# check模块配置
location /check_status {
check_status;
access_log off;
}
# stub模块配置
location /stub_status {
stub_status;
access_log off;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
## 根目录访问 ,如果有其他需要代理的路径,则依次增加location即可
location / {
## 如果信息中心强制禁止不安全的请求类型,增加如下配置,GET|POST|HEAD是允许的请求类型
if ($request_method !~ ^(GET|POST|HEAD)$) {
return 403 '{"timestamp":"2019-05-30T12:39:03.593","success":false,"errorCode":"403","errorMessage":"不安全的请求类型:$request_method","errorDetail":"不安全的URL:$request_uri","data":null}';
}
proxy_pass <http://cwbb>;
limit_rate 400k;
limit_rate_after 5m;
proxy_connect_timeout 1200;
proxy_send_timeout 1200s;
proxy_read_timeout 1200s;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Cache-Control no-cache;
}
}
}
日志自定义格式(json, 可定义在http语句块内)
注意自定义日志格式名称不能为combined, 因为这是nginx默认的日志格式名称
log_format log_json '{"@timestamp": "$time_local", '
'"remote_addr": "$remote_addr", '
'"referer": "$http_referer", '
'"request": "$request", '
'"status": $status, '
'"bytes": $body_bytes_sent, '
'"agent": "$http_user_agent", '
'"x_forwarded": "$http_x_forwarded_for", '
'"up_addr": "$upstream_addr",'
'"up_host": "$upstream_http_host",'
'"up_resp_time": "$upstream_response_time",'
'"request_time": "$request_time"'
' }';
access_log logs/access.log log_json; # 引用日志格式名称
https://blog.csdn.net/qq_43412528/article/details/118606569